Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016 Ran by Matthew (administrator) on MATTHIEU (26-02-2016 09:16:03) Running from D:\Matt Loaded Profiles: Matthew (Available Profiles: Matthew) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Safe Mode (minimal) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [405424 2015-09-05] () HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe" HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-04-23] (Dell Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation) HKLM-x32\...\Run: [MetroTileShortcut] => "C:\Program Files\McAfeeAntiTheft\2.1.170.2\McATUIHost.exe" /IMAT_SHORTCUTS HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1064592 2015-07-22] (NVIDIA Corporation) HKU\S-1-5-21-703687859-3442917728-3295428137-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [2012 2016-02-25] () ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{06e3750f-8354-4b2d-a6e5-76c820542f51}: [DhcpNameServer] 172.168.0.2 Tcpip\..\Interfaces\{e6aac4e3-0e60-4c8c-a6ad-c877e21b5c18}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-703687859-3442917728-3295428137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-703687859-3442917728-3295428137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://dell13.msn.com/?pc=dcjb SearchScopes: HKU\S-1-5-21-703687859-3442917728-3295428137-1001 -> DefaultScope {0FF35A26-9176-4CD6-AF66-557026AF4FC8} URL = FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-01] (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-25] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-25] (Google Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found Chrome: ======= CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25] CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-25] CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25] CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25] CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25] CHR Extension: (Google Sheets) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25] CHR Extension: (Google Docs Offline) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-25] CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-25] CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel) S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [125440 2013-04-30] (Dell Inc.) [File not signed] S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-05] (Intel Corporation) S2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-01] (Intel Corporation) S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-26] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268048 2015-08-05] (Intel Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-06-01] (Intel Corporation) S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [91360 2013-04-11] (STMicroelectronics) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-25] () S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-25 23:03 - 2016-02-25 23:04 - 00000543 _____ C:\Users\Matthew\Desktop\JRT.txt 2016-02-25 22:54 - 2016-02-25 22:56 - 00000000 ____D C:\AdwCleaner 2016-02-25 22:49 - 2016-02-26 07:50 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-25 22:36 - 2016-02-25 22:36 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2016-02-25 22:35 - 2016-02-25 22:48 - 00000000 ____D C:\ProgramData\RogueKiller 2016-02-25 22:20 - 2016-02-26 09:16 - 00000000 ____D C:\FRST 2016-02-25 21:11 - 2016-02-25 21:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-25 21:11 - 2016-02-25 21:11 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-02-25 21:11 - 2016-02-25 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-02-25 21:11 - 2016-02-25 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-02-25 21:11 - 2016-02-25 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-02-25 21:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-02-25 21:11 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-02-25 21:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-02-25 20:22 - 2016-02-25 20:22 - 00006144 _____ C:\WINDOWS\system32\umstartup.etl 2016-02-25 20:13 - 2016-02-25 20:26 - 00000000 ____D C:\Users\Matthew\AppData\Local\ElevatedDiagnostics 2016-02-25 20:08 - 2016-02-25 23:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-02-25 20:07 - 2016-02-26 00:46 - 02073956 _____ C:\WINDOWS\ntbtlog.txt 2016-02-25 20:06 - 2016-02-25 18:00 - 00000000 ___DC C:\WINDOWS\Panther 2016-02-25 20:03 - 2016-02-25 20:03 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-02-25 20:03 - 2016-02-25 20:03 - 00000000 ____D C:\Windows.old 2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files\MSBuild 2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-02-25 19:59 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-02-25 19:59 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-02-25 19:59 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-02-25 19:59 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-02-25 19:59 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-02-25 19:59 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-02-25 18:02 - 2016-02-25 18:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-02-25 18:01 - 2016-02-25 18:01 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-25 18:01 - 2016-02-25 18:01 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-25 18:01 - 2016-02-25 18:01 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-25 18:01 - 2016-02-25 18:01 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-25 18:01 - 2016-02-25 18:01 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-25 18:01 - 2016-02-25 18:01 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-25 18:00 - 2016-02-25 19:54 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-25 18:00 - 2016-02-25 18:01 - 00000000 ____D C:\Users\Matthew\AppData\Local\Google 2016-02-25 18:00 - 2016-02-25 18:01 - 00000000 ____D C:\Program Files (x86)\Google 2016-02-25 17:59 - 2016-02-25 18:00 - 00987728 _____ (Google Inc.) C:\Users\Matthew\Downloads\ChromeSetup.exe 2016-02-25 17:59 - 2015-07-22 20:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-02-25 17:59 - 2015-07-22 20:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-02-25 17:59 - 2015-07-22 20:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-02-25 17:59 - 2015-07-22 20:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-02-25 17:59 - 2015-07-22 20:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-02-25 17:59 - 2015-07-22 20:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-02-25 17:59 - 2015-07-22 20:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-02-25 17:59 - 2015-07-22 20:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-02-25 17:59 - 2015-07-22 19:44 - 00572048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-02-25 17:59 - 2015-07-21 23:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-02-25 17:56 - 2016-02-25 17:57 - 00000000 ____D C:\Users\Matthew\AppData\Local\MicrosoftEdge 2016-02-25 17:51 - 2016-02-25 17:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-02-25 17:51 - 2016-02-25 17:53 - 00000000 __SHD C:\Users\Matthew\IntelGraphicsProfiles 2016-02-25 17:51 - 2016-02-25 17:51 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-02-25 17:50 - 2016-02-25 20:16 - 00000000 ___HD C:\OneDriveTemp 2016-02-25 17:50 - 2016-02-25 17:57 - 00002382 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-25 17:50 - 2016-02-25 17:57 - 00000000 ___RD C:\Users\Matthew\OneDrive 2016-02-25 17:50 - 2016-02-25 17:50 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-02-25 17:48 - 2016-02-25 17:48 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-02-25 17:47 - 2016-02-25 17:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\ActiveSync 2016-02-25 17:46 - 2016-02-25 17:46 - 00000000 ____D C:\Users\Matthew\AppData\Local\Publishers 2016-02-25 17:45 - 2016-02-25 17:45 - 00000020 ___SH C:\Users\Matthew\ntuser.ini 2016-02-25 17:45 - 2016-02-25 17:45 - 00000000 ____D C:\Users\Matthew\AppData\Local\TileDataLayer 2016-02-25 17:45 - 2016-02-25 17:45 - 00000000 ____D C:\Users\Matthew\AppData\Local\Comms 2016-02-25 17:24 - 2016-02-25 17:24 - 00000000 ____D C:\ProgramData\USOShared 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\My Documents 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-02-25 17:21 - 2016-02-25 23:07 - 00788424 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-25 17:21 - 2016-02-25 18:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-25 17:21 - 2016-02-25 17:21 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-02-25 17:16 - 2016-02-25 17:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-02-25 17:14 - 2016-02-25 17:14 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-02-25 17:13 - 2016-02-25 18:03 - 00000000 ____D C:\Users\Matthew 2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\My Documents 2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\Documents\My Videos 2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\Documents\My Pictures 2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\Documents\My Music 2016-02-25 17:10 - 2016-02-25 17:10 - 00849522 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat 2016-02-25 17:10 - 2016-02-25 17:10 - 00458970 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat 2016-02-25 17:10 - 2016-02-25 17:10 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\WINDOWS\system32\SRSLabs 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\Synaptics 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\STMicroelectronics 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\Realtek 2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\DIFX 2016-02-25 17:10 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-02-25 17:10 - 2012-07-13 16:31 - 00022168 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\stdcfltn.sys 2016-02-25 17:07 - 2016-02-25 17:52 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-02-25 16:07 - 2016-02-25 16:07 - 00000000 ____D C:\Program Files\Common Files\Intel 2016-02-25 16:07 - 2016-02-25 16:07 - 00000000 ____D C:\Program Files (x86)\Cisco 2016-02-25 16:01 - 2016-02-25 16:26 - 00000000 ___HD C:\$WINDOWS.~BT.old 2016-02-25 15:35 - 2016-02-25 15:35 - 00000000 ___HD C:\$Windows.~WS.old 2016-02-25 13:47 - 2016-02-25 13:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\softthinks 2016-02-25 13:47 - 2016-02-25 13:47 - 00000000 ____D C:\ProgramData\softthinks 2016-02-25 13:47 - 2013-05-23 20:37 - 00000094 ____H C:\DBAR_Ver.txt 2016-02-25 13:44 - 2016-02-25 17:21 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-703687859-3442917728-3295428137-1001 2016-02-25 02:07 - 2016-02-25 17:22 - 00010449 _____ C:\WINDOWS\diagerr.xml 2016-02-25 02:07 - 2016-02-25 17:22 - 00009528 _____ C:\WINDOWS\diagwrn.xml 2016-02-25 01:58 - 2016-02-25 15:52 - 00000000 ____D C:\ESD 2016-02-25 01:31 - 2016-02-25 01:31 - 00000000 _____ C:\Recovery.txt 2016-02-25 01:13 - 2016-02-25 01:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Macromedia 2016-02-25 01:13 - 2016-02-25 01:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Intel Corporation 2016-02-25 01:12 - 2016-02-25 01:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-02-25 01:12 - 2016-02-25 01:12 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Adobe 2016-02-25 01:11 - 2016-02-25 18:02 - 00000000 ____D C:\Users\Matthew\AppData\Local\Packages 2016-02-25 01:11 - 2016-02-25 01:11 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Intel 2016-02-25 01:11 - 2016-02-25 01:11 - 00000000 ____D C:\Users\Matthew\AppData\Local\VirtualStore 2016-02-25 00:32 - 2016-02-25 17:46 - 00000000 __RHD C:\Users\Public\AccountPictures ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-25 22:56 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-02-25 20:13 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-25 20:06 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-02-25 18:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-25 18:02 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-25 18:00 - 2013-09-28 12:48 - 00000000 ____D C:\Temp 2016-02-25 18:00 - 2013-09-28 12:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-02-25 18:00 - 2013-09-28 12:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-02-25 18:00 - 2013-09-28 12:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-02-25 17:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help 2016-02-25 17:55 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-02-25 17:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-02-25 17:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-25 17:25 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-25 17:24 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate 2016-02-25 17:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-02-25 17:23 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-02-25 17:22 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration 2016-02-25 17:21 - 2013-09-28 12:46 - 00003014 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 2016-02-25 17:21 - 2013-09-28 12:46 - 00002634 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon 2016-02-25 17:21 - 2013-09-28 12:31 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-02-25 17:21 - 2013-09-28 12:31 - 00003086 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d 2016-02-25 17:21 - 2013-09-28 12:31 - 00002708 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon 2016-02-25 17:21 - 2013-09-28 12:03 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements 2016-02-25 17:19 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries 2016-02-25 17:16 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-25 17:16 - 2013-09-28 12:52 - 00000000 ____D C:\WINDOWS\en 2016-02-25 17:16 - 2013-09-28 12:51 - 00000000 ____D C:\WINDOWS\fr 2016-02-25 17:16 - 2013-09-28 12:47 - 00000000 ____D C:\Program Files\My Dell 2016-02-25 17:16 - 2013-09-28 12:47 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2016-02-25 17:16 - 2013-09-28 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-02-25 17:16 - 2013-09-28 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio 2016-02-25 17:16 - 2013-09-28 12:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-02-25 17:16 - 2012-07-26 00:37 - 00000000 ____D C:\Users\Default.migrated 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\winrm 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\WCN 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\slmgr 2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\MUI 2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME 2016-02-25 17:15 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-02-25 17:15 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-02-25 17:15 - 2013-09-28 12:39 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles 2016-02-25 17:15 - 2013-09-28 12:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-02-25 17:15 - 2013-09-28 12:12 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2016-02-25 17:14 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-25 17:14 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\DigitalLocker 2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\IME 2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\System 2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2016-02-25 17:14 - 2013-09-28 12:53 - 00000000 ____D C:\ProgramData\McAfee 2016-02-25 17:14 - 2013-09-28 12:51 - 00000000 ____D C:\ProgramData\PRICache 2016-02-25 17:14 - 2013-09-28 12:47 - 00000000 ____D C:\Program Files\Dell Support Center 2016-02-25 17:14 - 2013-09-28 12:44 - 00000000 ____D C:\Program Files\Intel Corporation 2016-02-25 17:14 - 2013-09-28 12:29 - 00000000 ____D C:\Program Files\Intel 2016-02-25 17:14 - 2013-09-28 12:29 - 00000000 ____D C:\Program Files (x86)\Intel 2016-02-25 17:12 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-02-25 17:07 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-02-25 16:09 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2016-02-25 16:08 - 2013-09-28 12:30 - 00000000 ____D C:\ProgramData\Intel 2016-02-25 16:05 - 2013-09-28 12:34 - 00000000 ____D C:\ProgramData\Package Cache 2016-02-25 16:05 - 2013-09-28 12:29 - 00000000 ____D C:\Intel 2016-02-25 15:36 - 2012-08-05 09:08 - 00804516 _____ C:\WINDOWS\system32\perfh00C.dat 2016-02-25 15:36 - 2012-08-05 09:08 - 00159844 _____ C:\WINDOWS\system32\perfc00C.dat 2016-02-25 02:28 - 2013-09-28 12:47 - 00000000 ____D C:\ProgramData\PCDr Some files in TEMP: ==================== C:\Users\Matthew\AppData\Local\Temp\dllnt_dump.dll C:\Users\Matthew\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-25 17:07 ==================== End of FRST.txt ============================